From 3d1d35fa2bcea715339c8a76e94c76a75355650804984faac77b44c6ce5d3efb Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Thu, 14 Dec 2017 10:12:57 +0000 Subject: [PATCH] Accepting request 556907 from home:Andreas_Schwab:Factory - tst-tlsopt-powerpc.patch: fix tst-tlsopt-powerpc (bcn#1070419) - powerpc-hwcap-bits.patch: Update HWCAP for powerpc (bnc#1070420) - malloc-tcache-check-overflow.patch: Fix integer overflow in malloc when tcache is enabled (CVE-2017-17426, bnc#1071479, BZ #22375) OBS-URL: https://build.opensuse.org/request/show/556907 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=487 --- glibc.changes | 8 ++ glibc.spec | 14 ++- malloc-tcache-check-overflow.patch | 21 ++++ powerpc-hwcap-bits.patch | 15 +++ tst-tlsopt-powerpc.patch | 171 +++++++++++++++++++++++++++++ 5 files changed, 228 insertions(+), 1 deletion(-) create mode 100644 malloc-tcache-check-overflow.patch create mode 100644 powerpc-hwcap-bits.patch create mode 100644 tst-tlsopt-powerpc.patch diff --git a/glibc.changes b/glibc.changes index acc49f2..18c59a8 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Dec 13 15:04:54 UTC 2017 - schwab@suse.de + +- tst-tlsopt-powerpc.patch: fix tst-tlsopt-powerpc (bcn#1070419) +- powerpc-hwcap-bits.patch: Update HWCAP for powerpc (bnc#1070420) +- malloc-tcache-check-overflow.patch: Fix integer overflow in malloc when + tcache is enabled (CVE-2017-17426, bnc#1071479, BZ #22375) + ------------------------------------------------------------------- Tue Dec 12 10:37:21 UTC 2017 - schwab@suse.de diff --git a/glibc.spec b/glibc.spec index d288fc9..e49c0d4 100644 --- a/glibc.spec +++ b/glibc.spec @@ -320,6 +320,12 @@ Patch1021: spawni-assert.patch Patch1022: x86-64-dl-platform.patch # PATCH-FIX-UPSTREAM no compat glob64 on s390 Patch1023: glob64-s390.patch +# PATCH-FIX-UPSTREAM tst-tlsopt-powerpc as a shared lib +Patch1024: tst-tlsopt-powerpc.patch +# PATCH-FIX-UPSTREAM Update HWCAP for powerpc +Patch1025: powerpc-hwcap-bits.patch +# PATCH-FIX-UPSTREAM Fix integer overflow in malloc when tcache is enabled (CVE-2017-17426, BZ #22375) +Patch1026: malloc-tcache-check-overflow.patch ### # Patches awaiting upstream approval @@ -368,6 +374,7 @@ Group: Development/Languages/C and C++ %description testsuite This package contains the testsuite results from the GNU C Library. +%if %{build_main} %package info Summary: Info Files for the GNU C Library License: GFDL-1.1 @@ -498,6 +505,7 @@ The glibc-extra package contains some extra binaries for glibc that are not essential but recommend to use. makedb: A program to create a database for nss +%endif # main %prep %setup -n glibc-%{version} -q -a 4 @@ -563,6 +571,9 @@ rm nscd/s-stamp %patch1021 -p1 %patch1022 -p1 %patch1023 -p1 +%patch1024 -p1 +%patch1025 -p1 +%patch1026 -p1 %patch2000 -p1 %patch2001 -p1 @@ -1103,6 +1114,8 @@ rm -rf %{buildroot}/sbin %{buildroot}%{_includedir} %endif # !main +%if %{build_main} + %post -p %{_sbindir}/glibc_post_upgrade %postun -p /sbin/ldconfig @@ -1142,7 +1155,6 @@ exit 0 %service_del_postun nscd.service exit 0 -%if %{build_main} %files # glibc %defattr(-,root,root) diff --git a/malloc-tcache-check-overflow.patch b/malloc-tcache-check-overflow.patch new file mode 100644 index 0000000..3d6fad5 --- /dev/null +++ b/malloc-tcache-check-overflow.patch @@ -0,0 +1,21 @@ +2017-11-30 Arjun Shankar + + [BZ #22375] + CVE-2017-17426 + * malloc/malloc.c (__libc_malloc): Use checked_request2size + instead of request2size. + +Index: glibc-2.26/malloc/malloc.c +=================================================================== +--- glibc-2.26.orig/malloc/malloc.c ++++ glibc-2.26/malloc/malloc.c +@@ -3052,7 +3052,8 @@ __libc_malloc (size_t bytes) + return (*hook)(bytes, RETURN_ADDRESS (0)); + #if USE_TCACHE + /* int_free also calls request2size, be careful to not pad twice. */ +- size_t tbytes = request2size (bytes); ++ size_t tbytes; ++ checked_request2size (bytes, tbytes); + size_t tc_idx = csize2tidx (tbytes); + + MAYBE_INIT_TCACHE (); diff --git a/powerpc-hwcap-bits.patch b/powerpc-hwcap-bits.patch new file mode 100644 index 0000000..4a7cbd6 --- /dev/null +++ b/powerpc-hwcap-bits.patch @@ -0,0 +1,15 @@ +2017-11-17 Tulio Magno Quites Machado Filho + + * sysdeps/powerpc/bits/hwcap.h (PPC_FEATURE2_HTM_NO_SUSPEND): New + macro. + +Index: glibc-2.26/sysdeps/powerpc/bits/hwcap.h +=================================================================== +--- glibc-2.26.orig/sysdeps/powerpc/bits/hwcap.h ++++ glibc-2.26/sysdeps/powerpc/bits/hwcap.h +@@ -72,3 +72,5 @@ + 128-bit */ + #define PPC_FEATURE2_DARN 0x00200000 /* darn instruction. */ + #define PPC_FEATURE2_SCV 0x00100000 /* scv syscall. */ ++#define PPC_FEATURE2_HTM_NO_SUSPEND 0x00080000 /* TM without suspended ++ state. */ diff --git a/tst-tlsopt-powerpc.patch b/tst-tlsopt-powerpc.patch new file mode 100644 index 0000000..e722d41 --- /dev/null +++ b/tst-tlsopt-powerpc.patch @@ -0,0 +1,171 @@ +2017-08-03 Alan Modra + + * sysdeps/powerpc/mod-tlsopt-powerpc.c: Extract from + tst-tlsopt-powerpc.c with function name change and no test harness. + * sysdeps/powerpc/tst-tlsopt-powerpc.c: Remove body of test. + Call tls_get_addr_opt_test. + * sysdeps/powerpc/Makefile (LDFLAGS-tst-tlsopt-powerpc): Don't define. + (modules-names): Add mod-tlsopt-powerpc. + (mod-tlsopt-powerpc.so-no-z-defs): Define. + (tst-tlsopt-powerpc): Depend on .so. + * sysdeps/powerpc/powerpc64/tls-macros.h (__TLS_GET_ADDR): Don't + define. Expand use in TLS_GD and TLS_LD. + +Index: glibc-2.26/sysdeps/powerpc/Makefile +=================================================================== +--- glibc-2.26.orig/sysdeps/powerpc/Makefile ++++ glibc-2.26/sysdeps/powerpc/Makefile +@@ -8,9 +8,11 @@ sysdep-dl-routines += dl-machine hwcapin + sysdep_routines += dl-machine hwcapinfo + # extra shared linker files to link only into dl-allobjs.so + sysdep-rtld-routines += dl-machine hwcapinfo +-# Don't optimize GD tls sequence to LE. +-LDFLAGS-tst-tlsopt-powerpc += -Wl,--no-tls-optimize ++ ++modules-names += mod-tlsopt-powerpc ++mod-tlsopt-powerpc.so-no-z-defs = yes + tests += tst-tlsopt-powerpc ++$(objpfx)tst-tlsopt-powerpc: $(objpfx)mod-tlsopt-powerpc.so + + ifneq (no,$(multi-arch)) + tests-static += tst-tlsifunc-static +Index: glibc-2.26/sysdeps/powerpc/mod-tlsopt-powerpc.c +=================================================================== +--- /dev/null ++++ glibc-2.26/sysdeps/powerpc/mod-tlsopt-powerpc.c +@@ -0,0 +1,49 @@ ++/* shared library to test for __tls_get_addr optimization. */ ++#include ++ ++#include "../../elf/tls-macros.h" ++#include "dl-tls.h" ++ ++/* common 'int' variable in TLS. */ ++COMMON_INT_DEF(foo); ++ ++ ++int ++tls_get_addr_opt_test (void) ++{ ++ int result = 0; ++ ++ /* Get variable using general dynamic model. */ ++ int *ap = TLS_GD (foo); ++ if (*ap != 0) ++ { ++ printf ("foo = %d\n", *ap); ++ result = 1; ++ } ++ ++ tls_index *tls_arg; ++#ifdef __powerpc64__ ++ register unsigned long thread_pointer __asm__ ("r13"); ++ asm ("addi %0,2,foo@got@tlsgd" : "=r" (tls_arg)); ++#else ++ register unsigned long thread_pointer __asm__ ("r2"); ++ asm ("bcl 20,31,1f\n1:\t" ++ "mflr %0\n\t" ++ "addis %0,%0,_GLOBAL_OFFSET_TABLE_-1b@ha\n\t" ++ "addi %0,%0,_GLOBAL_OFFSET_TABLE_-1b@l\n\t" ++ "addi %0,%0,foo@got@tlsgd" : "=b" (tls_arg)); ++#endif ++ ++ if (tls_arg->ti_module != 0) ++ { ++ printf ("tls_index not optimized, binutils too old?\n"); ++ result = 1; ++ } ++ else if (tls_arg->ti_offset + thread_pointer != (unsigned long) ap) ++ { ++ printf ("tls_index->ti_offset wrong value\n"); ++ result = 1; ++ } ++ ++ return result; ++} +Index: glibc-2.26/sysdeps/powerpc/powerpc64/tls-macros.h +=================================================================== +--- glibc-2.26.orig/sysdeps/powerpc/powerpc64/tls-macros.h ++++ glibc-2.26/sysdeps/powerpc/powerpc64/tls-macros.h +@@ -18,13 +18,11 @@ + __result; \ + }) + +-#define __TLS_GET_ADDR "__tls_get_addr" +- + /* PowerPC64 Local Dynamic TLS access. */ + #define TLS_LD(x) \ + ({ int * __result; \ + asm ("addi 3,2," #x "@got@tlsld\n\t" \ +- "bl " __TLS_GET_ADDR "\n\t" \ ++ "bl __tls_get_addr\n\t" \ + "nop \n\t" \ + "addis %0,3," #x "@dtprel@ha\n\t" \ + "addi %0,%0," #x "@dtprel@l" \ +@@ -36,7 +34,7 @@ + #define TLS_GD(x) \ + ({ register int *__result __asm__ ("r3"); \ + asm ("addi 3,2," #x "@got@tlsgd\n\t" \ +- "bl " __TLS_GET_ADDR "\n\t" \ ++ "bl __tls_get_addr\n\t" \ + "nop " \ + : "=r" (__result) : \ + : __TLS_CALL_CLOBBERS); \ +Index: glibc-2.26/sysdeps/powerpc/tst-tlsopt-powerpc.c +=================================================================== +--- glibc-2.26.orig/sysdeps/powerpc/tst-tlsopt-powerpc.c ++++ glibc-2.26/sysdeps/powerpc/tst-tlsopt-powerpc.c +@@ -1,51 +1,11 @@ + /* glibc test for __tls_get_addr optimization. */ +-#include +- +-#include "../../elf/tls-macros.h" +-#include "dl-tls.h" +- +-/* common 'int' variable in TLS. */ +-COMMON_INT_DEF(foo); +- + + static int + do_test (void) + { +- int result = 0; +- +- /* Get variable using general dynamic model. */ +- int *ap = TLS_GD (foo); +- if (*ap != 0) +- { +- printf ("foo = %d\n", *ap); +- result = 1; +- } +- +- tls_index *tls_arg; +-#ifdef __powerpc64__ +- register unsigned long thread_pointer __asm__ ("r13"); +- asm ("addi %0,2,foo@got@tlsgd" : "=r" (tls_arg)); +-#else +- register unsigned long thread_pointer __asm__ ("r2"); +- asm ("bcl 20,31,1f\n1:\t" +- "mflr %0\n\t" +- "addis %0,%0,_GLOBAL_OFFSET_TABLE_-1b@ha\n\t" +- "addi %0,%0,_GLOBAL_OFFSET_TABLE_-1b@l\n\t" +- "addi %0,%0,foo@got@tlsgd" : "=b" (tls_arg)); +-#endif +- +- if (tls_arg->ti_module != 0) +- { +- printf ("tls_index not optimized, binutils too old?\n"); +- result = 1; +- } +- else if (tls_arg->ti_offset + thread_pointer != (unsigned long) ap) +- { +- printf ("tls_index->ti_offset wrong value\n"); +- result = 1; +- } ++ extern int tls_get_addr_opt_test (void); + +- return result; ++ return tls_get_addr_opt_test (); + } + + #include